To decrypt content data encrypted and recorded in a recording medium (encrypted content data) such as a digital versatile disc (DVD) or a Blu-ray (registered trademark) disc (BD), a player also reads key data encrypted and recorded in the same recording medium (an encrypted content data key) for decrypting the encrypted content data. The player decrypts the encrypted content data key using another key (device key) concealed inside the player in advance. The player then decrypts the encrypted content data using the content data key obtained in the previous step.
A disc reading apparatus (drive) is used to read data from a recording medium such as a DVD or BD, and a card reader is used to read data from a memory card such as an SD (registered trademark) memory card. A player may be a piece of software (hereinafter, sometimes referred to as a host) installed in a personal computer (PC), and, in the PC system, the data to be read may require additional protection. For such a case, there is an additional protection technology in which the data is encrypted before being read from the recording medium, using a key shared in advance through an authentication and key exchange (AKE) process. The AKE process uses secret information that is kept concealed between the drive (when the recording medium is a BD or a DVD, for example) and the host, or between the SD card and the host. With such a configuration, data in the recording medium that has already been encrypted is encrypted again. With such a technology, even if a host obtains the device key illegitimately, the host is prevented from reading the data, because the host is incapable of executing the AKE process correctly without the secret information required in the AKE process.
The conventional technology is, however, incapable of preventing any host that has illegitimately obtained the secret information used in the AKE process from illegitimately reading the data.
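The following Python model of the two protection layers described above is an added example, not part of the original text. It assumes an HMAC challenge-response as a stand-in for the AKE process and a toy HMAC-based stream cipher as a stand-in for the real ciphers; the names `Drive`, `make_disc` and `host_play` are hypothetical.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 keystream); stand-in for the real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Drive:
    """Holds the medium; releases data only under an AKE-derived shared key."""
    def __init__(self, ake_secret: bytes, medium: bytes):
        self.ake_secret, self.medium = ake_secret, medium
        self.nonce = self.bus_key = None

    def challenge(self) -> bytes:
        self.nonce, self.bus_key = os.urandom(16), None  # new AKE run resets state
        return self.nonce

    def authenticate(self, response: bytes) -> bool:
        expected = hmac.new(self.ake_secret, self.nonce or b"", hashlib.sha256).digest()
        if self.nonce and hmac.compare_digest(response, expected):
            self.bus_key = hashlib.sha256(self.ake_secret + self.nonce).digest()
        return self.bus_key is not None

    def read(self) -> bytes:
        if self.bus_key is None:
            raise PermissionError("AKE not completed")
        # Data already encrypted on the medium is encrypted again for transfer.
        return xor_stream(self.bus_key, self.medium)

def make_disc(device_key: bytes, ake_secret: bytes, content: bytes) -> Drive:
    """Medium layout (assumed): encrypted content key (32 bytes) + encrypted content."""
    content_key = os.urandom(32)
    medium = xor_stream(device_key, content_key) + xor_stream(content_key, content)
    return Drive(ake_secret, medium)

def host_play(drive: Drive, device_key: bytes, ake_secret: bytes) -> bytes:
    """Host side: run the AKE, strip the transfer layer, then unwrap the keys."""
    nonce = drive.challenge()
    if not drive.authenticate(hmac.new(ake_secret, nonce, hashlib.sha256).digest()):
        raise PermissionError("AKE failed")
    bus_key = hashlib.sha256(ake_secret + nonce).digest()
    blob = xor_stream(bus_key, drive.read())
    content_key = xor_stream(device_key, blob[:32])   # device key -> content key
    return xor_stream(content_key, blob[32:])         # content key -> content
```

In this model the drive's only test of a host is knowledge of `ake_secret`, so the check in `authenticate` cannot distinguish a legitimate host from any other holder of that secret, which is the limitation stated in the last paragraph.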